CHIPs Discussion phase: Permissionless ICS

Permissionless ICS marks the next evolution of Interchain Security: allowing anyone to launch a chain on the Hub, permissionlessly.

The first version of ICS, Replicated Security, required a governance proposal to add a consumer chain. This is because the majority of validators were obligated to run each consumer chain.

With ICS 2.0, the majority of consumer chains are expected to use a mode called opt-in security. With opt-in, validators are free to choose whether they want to run a given consumer chain. In principle, this should also enable consumer chains to be created permissionlessly, using a simple transaction instead of a governance proposal.

The current release of ICS still uses a governance proposal to create consumer chains, even though permissionless creation is possible in theory. This is because switching to fully permissionless chain creation will take some refactoring of the codebase and we wanted to stage the work to release something as soon as possible.

We’re about to start on this work and are releasing this discussion-phase CHIPs post to follow the process and just in case anyone has any different ideas or any good reasons to keep chain creation governance gated.

Consumer chain ownership

Consumer chains will also have a new feature called “ownership”. This will allow a DAO, or the consumer chain’s own on-chain governance to control many of a consumer chain’s settings. Some example use cases:

  • The development/community DAO of a pre-launch consumer chain sets the spawn time to start the chain once development is complete and enough validators have opted in.
  • A consumer chain’s on-chain governance modifies the consumer chain’s DenyList to exclude exchange validators.
  • A consumer chain’s governance raises the ValidatorNumberCap to let more validators into its active set.

How it will work

  • Anyone will be able to create a new consumer chain using a single transaction.
  • A specific account will be the owner of each consumer chain. This account will be able to change metadata at any time, including settings such as validator number cap, validator power cap, validator allowlist, spawn time, etc.
  • This could be a single user, but is more likely to be DAO, and in most cases will be controlled by the consumer chain’s own on-chain governance over IBC.
  • The spawn time is one of the pieces of metadata that can be modified. This means that a consumer chain can set the spawn time in the future to give it some time to build an initial validator set, and then expedite or delay the launch if necessary.

Glad to see ICS moving towards a fully permissionless model! This also gives the teams more flexibility and control over the early launch stages which seems to be very important today.

What would be the timeframe for this to be live on-chain?

Will there be some sort of marketplace for validators to find these new chains, or how will these chains let operators know they’re launching?


I really love this direction.


Yes - I’ll charge a flat fee for telegram intros :stuck_out_tongue:

On a serious note, we’re working on something to help with this coordination. Both to help consumer chains figure out the validators they want or need (based on voting power needs, etc), and something for validators to see the chains in the pipeline and make contact.

Agree that this is crucial. Knowing who to contact when getting started as a consumer chain is already difficult. Going permissionless and opt-in will just compound those issues if not addressed


These are really great features. We saw that particular point as a potential improvement area in our PSS review. It’s encouraging to see that these areas of concern are currently being addressed in the development pipeline.

Definitely aligned with this.

1 Like

What is the price for getting a Chain Id? I’d say 1000 ATOM.

If there is no price for permissionless chain creation, bots will create ghost chains non-stop. We need to somehow prevent spam.


Peut-être qu’au lieu d’imposer un prix pour l’obtention d’un id, il faudrait imaginer une période “proof of seriousness” pendant laquelle la gouvernance d’Atom peut rm -rf une consumer chain malhonnête/spam.

En somme garder l’aspect permissionless “pur” mais en imposant à chaque nouvel entrant une période d’essai sous l’oeil de la communauté Atom.

Sinon, bravo aux équipes en charge de ces évolutions, ça fait du bien de voir le développement du Cosmos Hub sous stéroïdes.


Excited to see such shipping :ship:


In this design, it is OK for two chains to have the same chain ID. This mirrors IBC. For example, right now I could set up a channel to a chain with the chain id osmosis-1, even though osmosis already exists.


ser, we are on a mission.

The details of this will be featured on our Q3 roadmap, which will be released after the next oversight committee meeting. You might get a sneak preview if you’re attending the Cosmos Hub ethCC event.

For the record, I will charge 5% below whatever @Syed charges.

sounds cool. would love to see where this unfolds

1 Like